8.2 Installing Novell SecureLogin in LDAP Environment With eDirectory

The LDAP option installs Novell SecureLogin into LDAP v3 directory environments (for example, Novell eDirectory 8.8 or later).

You can specify more than one LDAP server for the Novell SecureLogin installation. Although the dialog box in the installation program only allows you to specify one LDAP server, you can specify additional servers by modifying the automate.ini file.

The LDAP option does not require the Novell Client for Windows. However, if Novell Client32 is installed on the workstation, Client32 is the initial authentication or GINA. If you want LDAP authentication to be the initial authenticator, you must uninstall Novell Client32.

  1. Log in to the workstation as an administrator.

  2. Double-click the Novell SecureLogin.msi located in the SecureLogin\Client directory of the Novell SecureLogin 7.0 SP1 installer package to begin the install process. The Installation Wizard launches.

  3. Click Next. The License Agreement page is displayed.

  4. Accept the license agreement, then click Next.

    The Destination Folder page is displayed. By default, the program is saved in C:\Program Files\Novell\SecureLogin\. You can accept the default folder or change it. To change it, click Change and navigate to your desired folder.

  5. Click Next. The Select a datastore for SecureLogin (that is, the installation environment) page is displayed.

  6. Select Novell eDirectory as the platform where Novell SecureLogin stores its data, then click Next.

    If the Novell Client is installed, the installation program recommends the Novell Client for Windows option. Otherwise, LDAP is recommended.

    In the complete mode of installation, the install takes the default values and proceeds with the installation. If the Novell Client is installed, the default Account association is Novell Client association. If you do not have the Novell Client installed, the default Account association is Windows association.

    However, if you want to set the account association to Workstation, change the registry settings in hklm/software/novell/login/ldap as follows:

    DoNTAssoc REG_SZ 1

    DoClient32Assoc REG_SZ 0

  7. If you have selected LDAP, choose when you want to log in to LDAP.

    The three LDAP login options are:

    • When Logging into Windows: If you select this option, the default Windows login dialog box is replaced by the Novell SecureLogin authentication dialog. If the directory authentication is successful, Novell SecureLogin launches seamlessly.

    • After Successfully logging into Windows: If you select this option, the Novell SecureLogin login dialog box appears after logging in to Windows and before the desktop screen appears. In this scenario too, Novell SecureLogin launches seamlessly.

    • When SecureLogin Starts: If you have earlier selected the Launch SecureLogin on Startup option, Novell SecureLogin launches after the desktop comes up. Otherwise, the desktop loads and you must manually launch Novell SecureLogin.

    Click Next.

  8. Specify the LDAP server information. The smart card option page is displayed.

  9. (Optional) If you want to use a smart card and ActiveClient is detected on your system, select Yes, click Next, then continue with Step 11.

  10. If you do not want to use a smart card, select No, click Next, then continue with Step 13.

  11. Select a cryptographic service provider from which Novell SecureLogin requests PKI credentials through a Microsoft Crypto API.

  12. Select a PKCS#11 compatible library required for accessing the smart card, then click Next.

    NOTE: This specifies the location of the Cryptographic Token Interface installed as part of the smart card vendor’s software. These API files are used by Novell SecureLogin to communicate with the smart card.

    Manually configuring the third-party smart card PKCS library assumes a high level of understanding of the Cryptographic Service Provider’s product.

  13. Select whether SecureLogin is to install the SecretStore client, the NMAS client, or both, then click Next.

    NOTE: Select Novell SecretStore only if SecretStore is installed on a server. For more information on SecretStore, see “Installing SecretStore” in the SecretStore 3.4 Administration Guide.

    The Novell SecretStore option installs the SecretStore client, which provides additional security. If you deselect this option and want to install it later, you must uninstall SecureLogin, then run the SecureLogin installation again.

    However, if you install the SecretStore client and then later run the install program and deselect the SecretStore client, you will cause problems with the directory cache. All the credential sets that are stored in SecretStore will be unavailable to the eDirectory client. Nevertheless, as long as the local cache is enabled, you can still run SecureLogin. The local cache populates the eDirectory cache.

    The uninstall program does not delete user credentials. The Novell NMAS Client option installs the NMAS client. SecureLogin uses this option with the AAVerify command to enable advanced authentication access to an application, and also for NMAS authentication using LDAP.

  14. (Conditional) If you selected the NMAS client, select one or more NMAS login methods, then click Next.

    Here, selecting the Simple Password option is mandatory if Universal Password is not created or configured in eDirectory.

  15. Select post-login methods, then click Next.

  16. Select the installation features. Click Next.

  17. Click Next. The Ready to Install the Program dialog box is displayed.

  18. Click Install.

  19. Click Finish. By default, the Launch ReadMe option is selected.

  20. Specify when you want to restart the computer, then click OK.

NOTE: The ?syscontext variable indicates the computer name instead of displaying the context in which the user’s directory object resides.
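
The registry change in Step 6 is easy to get wrong by creating the values as DWORD instead of REG_SZ. The following PowerShell script is an added example, not part of the Novell documentation: it writes both values as strings and then verifies their type and data. The key path and value names come from Step 6; the function names are hypothetical, and the script assumes the key already exists because SecureLogin is installed.

```powershell
#Requires -RunAsAdministrator
# Added example: set and verify the Workstation account association (Step 6).
# Key path and value names are from the page; function names are illustrative.

$KeyPath = 'HKLM:\SOFTWARE\Novell\Login\LDAP'
$Desired = [ordered]@{
    DoNTAssoc       = '1'
    DoClient32Assoc = '0'
}

function Set-WorkstationAssociation {
    # Refuse to create the key: if it is absent, the LDAP client is not installed here.
    if (-not (Test-Path -Path $KeyPath)) {
        throw "Registry key $KeyPath not found; install SecureLogin in LDAP mode first."
    }
    foreach ($name in $Desired.Keys) {
        # -PropertyType String produces REG_SZ, as the documentation specifies.
        New-ItemProperty -Path $KeyPath -Name $name -Value $Desired[$name] `
            -PropertyType String -Force | Out-Null
    }
}

function Test-WorkstationAssociation {
    $key = Get-Item -Path $KeyPath -ErrorAction SilentlyContinue
    if ($null -eq $key) { Write-Warning "$KeyPath is missing"; return $false }

    $ok = $true
    foreach ($name in $Desired.Keys) {
        if ($key.GetValueNames() -notcontains $name) {
            Write-Warning "$name is not set"; $ok = $false; continue
        }
        $kind  = $key.GetValueKind($name)
        $value = $key.GetValue($name)
        if ($kind -ne [Microsoft.Win32.RegistryValueKind]::String) {
            Write-Warning "$name has type $kind, expected REG_SZ"; $ok = $false
        }
        if ("$value" -ne $Desired[$name]) {
            Write-Warning "$name is '$value', expected '$($Desired[$name])'"; $ok = $false
        }
    }
    return $ok
}

Set-WorkstationAssociation
if (Test-WorkstationAssociation) { 'Workstation association values are in place.' }
```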